michaelh/zephyr
1
0
Fork 0
Code Releases Activity

mbedtls: default enable USE_PSA_CRYPTO when CRYPTO_C

Browse source 
Now that support for all PSA_WANT symbols is in place, we can
enable MBEDTLS_USE_PSA_CRYPTO when MBEDTLS_PSA_CRYPTO_C is
enabled as well.

Note: this commit also moves USE_PSA_CRYPTO out of CRYPTO_C
dependency in config-tls-generic.h because TLS/DTLS/X509 modules
of MbedTLS can rely on *any* implementation of PSA crypto APIs
not only the MbedTLS one. TFM is for example an alternative
to this.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This commit is contained in:
Valerio Setti 2024-05-13 10:16:42 +02:00 committed by Anas Nashif
commit 2adb4cac17
4 changed files with 5 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/mbedtls/Kconfig.tls-generic
View file

@ -488,6 +488,7 @@ config MBEDTLS_PSA_CRYPTO_C
config MBEDTLS_USE_PSA_CRYPTO config MBEDTLS_USE_PSA_CRYPTO
bool "Use PSA APIs instead of legacy MbedTLS when possible" bool "Use PSA APIs instead of legacy MbedTLS when possible"
default y if MBEDTLS_PSA_CRYPTO_CLIENT
help help
Use PSA APIs instead of legacy MbedTLS functions in TLS/DTLS and other Use PSA APIs instead of legacy MbedTLS functions in TLS/DTLS and other
"intermediate" modules such as PK, MD and Cipher. "intermediate" modules such as PK, MD and Cipher.

8
modules/mbedtls/configs/config-tls-generic.h
View file

@ -474,10 +474,6 @@
#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_C) #if defined(CONFIG_MBEDTLS_PSA_CRYPTO_C)
#define MBEDTLS_PSA_CRYPTO_C #define MBEDTLS_PSA_CRYPTO_C
#if defined(CONFIG_MBEDTLS_USE_PSA_CRYPTO)
#define MBEDTLS_USE_PSA_CRYPTO
#endif
#if defined(CONFIG_ARCH_POSIX) && !defined(CONFIG_PICOLIBC) #if defined(CONFIG_ARCH_POSIX) && !defined(CONFIG_PICOLIBC)
#define MBEDTLS_PSA_KEY_SLOT_COUNT 64 #define MBEDTLS_PSA_KEY_SLOT_COUNT 64
#define MBEDTLS_PSA_CRYPTO_STORAGE_C #define MBEDTLS_PSA_CRYPTO_STORAGE_C
@ -487,6 +483,10 @@
#endif /* CONFIG_MBEDTLS_PSA_CRYPTO_C */ #endif /* CONFIG_MBEDTLS_PSA_CRYPTO_C */
#if defined(CONFIG_MBEDTLS_USE_PSA_CRYPTO)
#define MBEDTLS_USE_PSA_CRYPTO
#endif
#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_CLIENT) #if defined(CONFIG_MBEDTLS_PSA_CRYPTO_CLIENT)
#define MBEDTLS_PSA_CRYPTO_CLIENT #define MBEDTLS_PSA_CRYPTO_CLIENT
#define MBEDTLS_PSA_CRYPTO_CONFIG #define MBEDTLS_PSA_CRYPTO_CONFIG

1
samples/tfm_integration/psa_crypto/prj.conf
View file

@ -29,7 +29,6 @@ CONFIG_MBEDTLS_USER_CONFIG_ENABLE=y
CONFIG_MBEDTLS_USER_CONFIG_FILE="user-tls-conf.h" CONFIG_MBEDTLS_USER_CONFIG_FILE="user-tls-conf.h"
CONFIG_MBEDTLS_PSA_CRYPTO_C=y CONFIG_MBEDTLS_PSA_CRYPTO_C=y
CONFIG_MBEDTLS_USE_PSA_CRYPTO=y
CONFIG_MBEDTLS_ENTROPY_ENABLED=y CONFIG_MBEDTLS_ENTROPY_ENABLED=y
CONFIG_MBEDTLS_ECP_C=y CONFIG_MBEDTLS_ECP_C=y
CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y

1
subsys/bluetooth/mesh/Kconfig
View file

@ -1349,7 +1349,6 @@ config BT_MESH_USES_MBEDTLS_PSA
select MBEDTLS select MBEDTLS
select MBEDTLS_ZEPHYR_ENTROPY select MBEDTLS_ZEPHYR_ENTROPY
select MBEDTLS_PSA_CRYPTO_C select MBEDTLS_PSA_CRYPTO_C
select MBEDTLS_USE_PSA_CRYPTO
select MBEDTLS_MAC_CMAC_ENABLED select MBEDTLS_MAC_CMAC_ENABLED
select MBEDTLS_CIPHER_AES_ENABLED select MBEDTLS_CIPHER_AES_ENABLED
select MBEDTLS_AES_ROM_TABLES select MBEDTLS_AES_ROM_TABLES